On 09.06.2011 14:52, Eric Paris wrote: > On Thu, Jun 9, 2011 at 8:28 AM, Patrick McHardy <kaber@xxxxxxxxx> wrote: >> Just to make sure, so the conclusion is that the patch is fine as >> it is and anything related to unconvertible secids will be handled >> by SELinux internally? >> > > No. This patch does not get my ACK. Steve is right that silently > dropping information is a big big no no for the audit system and > that's what this patch does. This cannot be wholly handled properly > inside the LSM either. I don't see any patch meeting everyone's > requirements outside of a new one that includes the audit helper I > suggested. OK, I see, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
